Cyber Crime

As our economy moves on-line, the opportunity for crime moves with it. While traditional crime generally requires a physical presence, computer crime often doesn't. With a computer, people can take, vandalize or destroy information over unlimited distances and often do it in almost untraceable ways.

The press loves hacking and computer crime stories. In September 1996, the press jumped on one involving the CIA when hackers vandalized the CIA's Internet home page. According to CNN, once in, they "altered it, added obscenities and changed the agency's name on the page to the 'Central Stupidity Agency.' " Just a month earlier, the press reported that hackers broke into the Justice Department's site and vandalized it by adding swastikas, obscenities and a picture of Adolf Hitler to the site.

We've also all read about bank fraud using computers and heard stories about employees in all types of businesses who "break into accounting," maliciously destroy computer files or steal computer information. The misuse of computers is an increasing problem for government, business and individuals.

Legislators and courts have struggled to cope with the problems wrought by computer related crime. They've passed new laws and extended the reach of old ones. Since we're dealing with a mix of laws from 50 states and federal law, it's hard to generalize, but nonetheless it's fair to say that some basic concepts are clear. Some acts are almost certainly crimes anywhere in the United States.

Criminal Acts

First and most obvious, if you don't belong on a computer system, but you use it anyway, you've probably committed a crime. It won't matter whether you sat down at a desk and starting typing away without permission or did it by breaking in over a phone line, either way you've probably committed a crime.

Now, let's say that you're an employee and you're permitted to use the company's computer. You still can commit a crime if you alter or destroy data without permission.

This should not cause you to panic as you consider properly deleting files while working. If you have permission to access a system, accidentally destroying important data won't subject you to criminal liability, although the owner of the destroyed data may not be real pleased with you.

So be assured that if it turns out that you deleted the final version of the Annual Report and not the early draft, you won't be going to jail. Of course, I can't say the same about the unemployment line.

Most states make it a crime to steal computer services. So, for instance, let's say that you figure out how to use America Online's service without paying for it. That would be an example of stealing computer services. Not all states make this specifically illegal, but for those that don't, the crime may fit under that state's general theft statutes.

Another computer crime is the unauthorized possession of passwords. Let's face it, anyone who knows a password that he shouldn't, can't be up to anything good. These laws deal with that situation by making mere possession a crime. There is no need to wait for improper use of a password. By then, it may be too late since the data may have been destroyed or stolen.

Another type of computer crime is sometimes called "computer fraud." This is when a person uses a computer to commit other crimes. Examples would be if somebody used a computer improperly to obtain property or services, or to embezzle money.

In an example of a case under this type of statute, a Georgia woman was convicted of a crime for using her position as a payroll clerk to make the computer generate checks to other employees, so that she could improperly cash the checks herself.

Federal Law

The federal government has jumped into this arena, primarily through two laws, the Computer Fraud and Abuse Act (the "Fraud Act") and the Electronic Communication Privacy Act (the "Privacy Act").

The Fraud Act is a somewhat complicated collection of crimes. Congress originally enacted it in 1984 as a limited-focus statute which proscribed things like improper access to a "federal interest computer." Congress broadened it in 1994 to make it more of a general computer crime law.

A person now violates federal law if, "through means of a computer used in interstate commerce," he or she recklessly or intentionally does things like damage a computer or its data, or causes a computer to deny access to its rightful user.

The Privacy Act was originally the telephone antiwiretapping act. Congress enacted it in response to Nixon administration Watergate-era abuses.

In 1986, Congress broadened the Privacy Act to include new forms of communications including transmissions of text like e-mail. It also now prohibits not just the interception of messages, as in a wiretap, but also the unauthorized access to messages on a computer system.

Violations of the Privacy Act subject the violator to both criminal penalties and civil liability.

It's a complicated statute riddled with exceptions and giving different levels of privacy depending on the type of electronic communication, who the intercepting party is (government agent or computer system operator), and whether the message is in transit or stored on a computer. It also includes detailed procedures that the government must follow to intercept or obtain the contents of electronic communication.

Use Good Security

The general state of criminal law as it applies to computer related crime is that most of the things that common sense says should be against the law are illegal. The old cliché applies here. " 'Law' is common sense as modified by the legislature and courts."

Nevertheless, you must still use good security measures to protect your computer systems and data. Home burglary is against the law, but we still lock our doors and use alarm systems. Computers are no different. Your information is vulnerable to theft if you don't employ experts to insure its security. Don't take this threat lightly. Once your information is in the wrong hands, there's no getting it back.

And please, no passwords that read like "9876." Sorry folks, that's not security.

Tannenbaum Helpern Syracuse & Hirschtritt LLP provides legal advice only to individuals or entities with which it has established an attorney-client relationship and such advice is based on the particular facts and circumstances of each matter. Contacting us through this site, or otherwise, will not establish an attorney-client relationship with us. Any e-mail or other communication sent to THSH or its lawyers through this site will not be treated as subject to the attorney-client privilege or as otherwise confidential and you should not include any confidential information in any such communication.